Program Evaluation and Audit 2007 RISK ASSESSMENT AND AUDIT PLAN DRAFT – January 11, 2007 BACKGROUND Requirements of the Standards In the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing, standard 2010 deals with audit planning, and requires, in part: • That the chief audit executive (Director) establish risk-based audit plans to prioritize internal audit activities consistent with the organization’s goals. • That the audit plan should be based on an annual risk assessment created with the input of senior management and the board. This document represents the risk assessment for 2007, as well as the proposed audit plan based on that assessment. Process To maximize the involvement of senior management throughout the Council, the Director and staff representatives conducted risk assessment meetings with the management teams for each of the Council’s Divisions. A draft was prepared to share with the Senior Strategy Team for their information, prior to taking it to the Council’s Audit Committee for final approval. Overview This document is written in three parts: • The Council’s General Risk Environment, • Risks Affecting Specific Program Areas, • Proposed 2007 Planned Audit Projects. GENERAL RISK ENVIRONMENT The Metropolitan Council focuses on a number of policy areas: • Environmental Services works to protect the public health and the environment by providing efficient and ...